Issue with error redirection in case of a custom domain setup
I am building a no-code tool to build custom apps. Each app can have multiple users (email/pass based login). Each app is hosted on its own subdomain app1.domain1.com, app2.domain2.com, and so on.
When better-auth is used in a custom domain/multiple subdomain setup, the base URL is not known at build time but rather at runtime. When logging in via a social provider, let's say Google, if there is an error, the redirection is made to the baseURL defined in the context:
throw c.redirect(${c.context.baseURL}/error?error=state_not_found);
The ideal redirection should be to the client's subdomain. What is the best way to go about this?6 Replies
Bumping this up in case this got missed out.
have you tried not providing base url at all?
better auth tries to infer the url from the request when there is no base url
Yes, I did try this. It did not work as expected.
Is there a way to customize the base url behaviour on better-auth? I presume I can do it by forking the library but it somewhat defeats the purpose of using the library.
we could try to make it dynamic but I'm wondering how it'd be useful for your use case. So doe each app in your no code tool will have its own auth instance? if that's the case then why not just assign a base url for each auth instance?
Just to add more context, I have a more peculiar setup:
client hosted on:
custom.client.com
api calls routed via: api.mysaas.com (same domain used to call the API across clients; moved to api.mysaas.com because the mysaas.com domain is hosted on Vercel and I wanted the api calls to bypass Vercel altogether as they have some weird limitations at their end)
When I leave the baseURL empty, it ends up picking up api.mysaas.com instead of custom.client.com (which seems fair) but not useful from a custom domain POV.
Would you suggest creating multiple auth instances hosted on one server? Is that an acceptable solution? I have also seen other people pointing out the need to make baseURL a dynamic entity (via a function call, just like origins?).if the auth server is hosted on one server and each app just needs to authenticate against it, you don't need to change the base url of the server. Only the base url of the auth client needs to be dynamic